The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) ☒ Responsive to communication(s) filed on 14 February 2000.
2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-63 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) □ Claim(s) is/are allowed.

6) □ Claim(s) is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

11) □ The proposed drawing correction filed on is: a) □ approved b) □ disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.

12) □ The oath or declaration is objected to by the Examiner.

Priority under 35 U.S.C. §§119 and 120 

13) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) □ All b) □ Some* c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

14) □ Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) □ The translation of the foreign language provisional application has been received.

15) □ Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.

DETAILED ACTION



1. Claims 1-63 are pending.

Claim Objections 

2. Claim 5 is identical to claim 4. 

3. In reference to claim 17 and 18: 

The examiner is reading "A system as in claim 16 where at least on of said entities..." 
as "A system as in claim 16 where at least one of said entities..." 
Please make the appropriate corrections. 

4. Claim 24 is identical to claim 23. 

5. Claim 55 is missing. Claim numbering jumps from 54 to 56. 



Claim Rejections - 35 USC §112 

6. The following is a quotation of the second paragraph of 35 U.S.C. 112: 



The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claim 1 provides for the use of control and maintenance of an operational 
organizational structure, but, since the claim does not set forth any steps involved in the 
method/process, it is unclear what method/process applicant is intending to encompass. 
A claim is indefinite where it merely recites a use without any active, positive steps 
delimiting how this use is actually practiced. 

Claim 1 is rejected under 35 U.S.C. 101 because the claimed recitation of a use, 
without setting forth any steps involved in the process, results in an improper definition 
of a process, i.e., results in a claim which is not a proper process claim under 35 
U.S.C. 101. See for example Ex parte Dunki, 153 USPQ 678 (Bd.App. 1967) and 
Clinical Products, Ltd. v. Brenner, 255 F. Supp. 131, 149 USPQ 475 (D.D.C. 1966). 

Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-15 are rejected under 35 USC 101.
The claimed invention is directed to non-statutory subject matter and additionally is
inoperative and therefore lacks utility. The steps of claim one do not appear to advance 
the operation of the method with any clear concrete and tangible result. 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1-10, 13-39, 41-44, 47-57, 59, 61-63 as best understood are rejected under 
In reference to claim 1: 

Lampson et al. discloses a method for control and maintenance of an operational 
organizational structure, the method comprising: 

Associating entities with cryptographic capabilities; (Section 5.1 p.283-286) 
Organizing entities within the organizational structure as roles, and maintaining roles 
within the organizational structure, where an entity within the organization structure is a 
Principal, and the example is given of the entity being organized as a role. 
"Principals in Roles Abadi as Manager" (Section 2. Concepts P.268) 

In reference to claim 2:

Lampson et al. (Section 4.1 - Section 4.4 p. 275-279) discloses a method wherein the
method involves a public key infrastructure operation, where the public key
infrastructure operation may be Encrypt, Decrypt, or the selection of Keys.

In reference to claim 3: 

Lampson et al. (Section 2. Concepts P.268) discloses a method wherein the control and 
maintenance further comprises: 

Assigning elements in said organizational structure to roles within said organizational 
structure, here the element is a person/people and the role is a manager. 

In reference to claim 4: 

Lampson et al. (section 5.3 P.290) discloses a method wherein the control and 
maintenance further comprises: 

Assigning elements in said organization structure to groups within said organizational 
structure, where a principal P may be a member of a group through a certificate. 

Claim 5 and 6 are rejected for the same reason as claim 4. 

In reference to claim 7: 

Lampson et al. (Section 9. Access Control p. 305-308) discloses a method wherein said
cryptographic method involves access control technology, where the access control 
technology is an access control list. 

Claim 8 is rejected for the same reason as claim 7. 

In reference to claim 9: 

Lampson et al. (p.270 1st paragraph) discloses a method where said cryptographic 
method involves at least a database operation, where a database is searched to justify 
access control decisions. 

In reference to claim 16: 

Lampson et al. discloses a system for control and maintenance of an operational 
structure involving at least: 

• one cryptographic method, where the cryptographic method is public key
cryptography (Section 4.1 - Section 4.4 p. 275-279)

• entities within organizations, characteristics of said entities and relationships 
between said entities, where the entities are principals. (Section 2. Concepts 
P.268) 

• where the capabilities, functions, characteristics, and relationships of entities 
are maintained and changed, where the changing is done through statements (Section 
3.1- Section 4, pages 271-274) 

In reference to claim 17:

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one
of said entities is an individual in an organization under "People: Lampson, Abadi" 

In reference to claim 18: 

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one 
of said entities is a group of individuals in an organization. 

In reference to claim 19: 

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one 
capability is a role in an organization. 

In reference to claim 20: 

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one 
capability is a task in an organization. 

In reference to claim 21:

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one 
function is an operation by a functionary in an organization. 

In reference to claim 22:

Lampson et al. (Section 2. Concepts, page 268) discloses a system where at least one 
function is an operation by a group of functionaries in an organization, where a group is 
a Principal and Principals may take on roles or "functions". 

In reference to claim 23: 

Lampson et al. (p. 269 4th paragraph and Section 5.2, p. 286-290) discloses a system
where at least one of said characteristics and relationships is represented in a directory. 

In reference to claim 25: 

Lampson et al. (Figure 6, page 287) discloses a system where at least one of said 
characteristics and said relationships is represented in a public key infrastructure 
directory. 

In reference to claim 27: 

Lampson et al. (Figure 6, page 287) discloses a system where said system's operations 
involve updating at least one public key infrastructure directory, where the 
authentication tree demonstrates the public key infrastructure directory. 



In reference to claim 30: 

Lampson et al. (p.283) discloses a system where said changing of the said maintained
elements comprises change of databases, where the elements are principals and the 
credentials of an element are looked up in the database. 

In reference to claim 31:

Lampson et al. (p.283) discloses a system where said changing of the said maintained
elements comprises change of cryptographic certification information within the public 
key infrastructure directories and further database changes, where the elements are 
principals, and a change of cryptographic certification information would change the 
credentials of the element in the database. 

In reference to claim 32: 

Lampson et al. (Section 5.1, 5.2, p.283-290) discloses a system where said entities,
said characteristics and said relationships are maintained by combining database 
components and components of certification authorities of a public key infrastructure, 
where the entities are principals and their characteristics and relationships are 
maintained by combining information from the database (the credentials of the entities) 
and the certificates provided by the certification authorities of the public key 
infrastructure. 



In reference to claim 33: 

Lampson et al. (p. 269 4th paragraph) discloses a system where said entities are
represented in at least first directory, where the entities are principals and
"/com/dec/src/burrows and /com/dec/src/abadi" are first directories where the entities
are represented

(Section 5.2, Path Names and Multiple Authorities, p. 287-290) discloses a system 
where said characteristics and said relationships are represented in at least second 
directory, where the second directory is tree or directory of authentication, and the paths 
within the directory hold represent the cryptographic relationships between the entities. 

Claim 34 is rejected for the same reason as claim 33. 

In reference to claim 37: 

Lampson et al. (Section 5.1, A single certification authority, p. 283-286) discloses a
system where said system's operation is activated by at least one designated entity 
amongst said entities, where the one designated entity is principal A, in first initiating the 
transaction. 

In reference to claim 38: 

Lampson et al. (Section 5.1, A single certification authority, p. 283-286) demonstrates a
system where said system's operation is activated based on agreed upon rules, where 
the agreed upon rules are apparent in the operation of the users interacting with the 
certification authority. 

In reference to claim 42:

Lampson et al. (Section 5.2, Path Names and Multiple Authorities, p. 287-290)
discloses a system where said characteristics and said relationships define 
authorization rules based on access structure, where the relationships defined by the 
authorization tree defines the authorization rules. 

Claims 43 and 44 are rejected for the same reason as claim 42. 

In reference to claim 47: 

Lampson et al. (p.286, 2nd paragraph) discloses a system with the additional operation
of monitoring operations within a system, where a timestamp is well known in the art to 
be considered a monitoring operation. 

In reference to claim 48: 

Lampson et al. (p.286, 2nd paragraph) discloses a system with the additional operations
of time stamping operations within said system. 

In reference to claim 49: 

Lampson et al. discloses a system of authentication in distributed systems where it is 
understood that at least one of said system's operations is performed distributedly via 
communication. Lampson et al. (Section 5.1, A single certification authority, p. 283)
specifically discloses contacting a certification authority as an operation performed 
distributedly. 

In reference to claim 50: 

Lampson et al. (p. 283) discloses a system where at least one of said system's 
operations is a distributed database operation. 



In reference to claim 52: 

Lampson et al. (Section 5.1, A single certification authority, p. 283 - 286) discloses
database system representing an organization involving directories representing 
entities, their characteristics, roles, and relationships together with their associations 
with cryptographic capabilities, the database system comprising following transactional 
components: 

Connection to cryptographic authorities representing the cryptographic capabilities 
associated with said entities, said characteristics, and said relationships, where the 
cryptographic authorities are certification authorities, and the entities are principals who 
communicate to the CA's in cryptographic transactions.

A maintenance system by which said database and said cryptographic authorities are 
maintained in coordination and by authorized parties assuring the representation of said 
organization and said cryptographic capabilities are soundly associated as defined by 
the coordination directives, where the maintenance of the authorizations is observed
through the use of certification authorities, and using the database to check access
control transactions. Lampson et al. (p.270 1st paragraph)

Maintenance transactions acting within said maintenance system, maintaining view
representing an organization, where the maintenance transaction are database
accesses to justify granting accesses Lampson et al. (p.270 1st paragraph)

In reference to claim 53: 

Lampson et al. (Section 2, p. 268 - 270) discloses a system wherein said organization
comprises a plurality of entities, where entities are principals. 

In reference to claim 54: 

Lampson et al. (Section 5.2, Path Names and Multiple Authorities, p. 286-290) discloses
a system wherein said cryptographic authorities is a plurality of at least one certification 
authorities. 

In reference to claim 56: 

Lampson et al. (Section 5.2, Path Names and Multiple Authorities, p. 286-290) discloses 
a system wherein said cryptographic authorities is a plurality of authorities organized 
hierarchically. 



In reference to claim 57: 

Lampson et al. (Section 9, Access Control, p. 305-307) discloses a system wherein
said authorized parties are maintained by another instantiation of the system, where the 
other instantiation is the access control list. 

In reference to claim 59: 

Lampson et al. (Section 5.2, Path Names and Multiple Authorities, p. 283-286) discloses 
a system wherein said coordinating directives involve cryptographic fields assuring 
integrity of the operation, wherein the coordination of the entities with the certification 
authorities assure integrity of the operation 

In reference to claim 61:

Lampson et al. (p. 285) discloses a system wherein cryptographic capabilities involve
digital certificates. 

In reference to claim 62: 

Lampson et al. (Section 2, p. 268 - 270) discloses a system wherein said organization
comprise various organizational units, where the organizational units are defined as 
Concepts. 

In reference to claim 63: 

Lampson et al. (Section 2 and Section 3.1, 3.2, p. 268 - 272) discloses a system
wherein said organization comprise of various organizational units where entities are
defined in one unit and their roles are defined within a second unit, where the concept
of Principals comprises entities, and the roles are defined in a second concept, in
statements.

Application/Control Number: 09/503,181
Art Unit: 2134



Claim Rejections - 35 USC § 103

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.

11. Claims 11, 12, 40, 45-46, 58, 60 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Lampson et al.

In reference to claim 11:

Lampson et al. discloses a method for operational organizational structure for
authentication in distributed systems however does not explicitly disclose a method
wherein the operational organizational structure represents at least one commercial
organization.

Lampson et al. additionally reveals intent to do this as disclosed in (Section 2.
Concepts p.268) where some of the possible values for the groups are SRC and DEC
employees.

It would have been obvious to one of ordinary skill in the art to use this in
distributed systems requiring cryptographic security, including commercial organizations
given Lampson et al.'s intent to apply the model to any kind of distributed system
requiring authentication, including commercial organizations.

Claim 12 is rejected for the same reason as claim 11.

In reference to claim 40: 

Lampson et al. (p. 283 - 290) discloses an instance of a database involving entities and 
relationship, but does not disclose an instance where the system's operation is a 
database maintenance operation. 

The examiner takes official notice that database maintenance operations are well 
known to those skilled in the art are necessary to maintain the function and integrity of 
databases. 

It would have been obvious to one of ordinary skill in the art at the time of 
invention to include some instance where the operations being performed on the 
database were database maintenance operations given the need to maintain the 
database in some way. 

In reference to claim 45: 

The examiner takes official notice that logging system's operations are well known in 
the art. 

It would have been obvious to one of ordinary skill in the art at the time of 
invention to log the system operations of Lampson et al.'s disclosure given the
advantage of being able to have a formal record for the actions of the certification
authorities and the logins by the users. 

Claim 46 is rejected for the same reason as claim 45. 

In reference to claim 58: 

Lampson et al. does not explicitly disclose a system wherein said authorized parties are 
assigned by management of said organization. However it is well understood in the art 
that the decision of cryptographic authorities to use, or the decision on the 
authorizations that certain party may have can only be granted by a higher authority. 

It would have been obvious to one of ordinary skill in the art at the time of 
invention to assign the authorized parties used in Lampson et al. by the management of 
the organization. 

In reference to claim 60: 

Lampson et al. does not explicitly disclose a system wherein said maintaining view 
representing an organization may present different characteristics and components to 
different outside reviewers. 

The Unified Modeling Language (UML) 1.0 discloses different view
representations of a particular model each subject to different reviews and each view
presenting different characteristics and components. (UML Semantics version 1.0, p.
93-96)

It would have been obvious to one of ordinary skill in the art at the time of 
invention to allow different aspects of the modeled system in Lampson et al. to be 
presented to different outside reviewers, given the advantage to observe one set of 
characteristics about the model to review only a particular aspect of the modeled 
system. 



Conclusion

12. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Thomas M Ho whose telephone number is (703)305-8029.
The examiner can normally be reached on M-F from 8:30am - 5:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gregory A. Morse can be reached at (703)308-4789. The fax phone
numbers for the organization where this application or proceeding is assigned are
(703)746-7239 for regular communications and (703)746-7238 for After Final
communications.

Any inquiry of a general nature or relating to the status of this application or
proceeding should be directed to the receptionist whose telephone number is (703)306-5484.

GREGORY MORSE
SUPERVISORY PATENT EXAMINER
TECHNOLOGY CENTER 2100